From owner-freebsd-security@FreeBSD.ORG Sun Jun 18 20:39:06 2006
Message-ID: <20060618203903.31161.qmail@web30306.mail.mud.yahoo.com>
Date: Sun, 18 Jun 2006 13:39:03 -0700 (PDT)
From: "R. B. Riddick"
To: Nick Borisov, freebsd-security@freebsd.org
In-Reply-To: <3bcb4e3f0606181309h70c08dc6l691bbb6e5b48615a@mail.gmail.com>
Subject: Re: memory pages nulling when releasing

--- Nick Borisov wrote:
> Well, providing zeroed pages to processes is not quite similar to
> explicit cleaning of pages after use as some security standards
> demand. That's why I'm asking. The "Z" malloc option seems to be
> suitable but it's actually for debugging.
>

Since you would need
(aa) root access (for reading /dev/mem (or what would it be?))
and/or
(bb) physical access (for reading the content of powered off RAM)
to the system to read the content of used pages, it would not help if those pages are zeroed after their use, because:
(AA) User root has access to every or about every page in physical memory (e.g. while the process uses it; or after kernel-modification).
and
(BB) The one who has physical access has root access (e.g. by altering the content of the hard disk).

Conclusion:
Instead of zeroing pages immediately after the process does not need them anymore, it would be much better to keep the system safe (especially: security relevant software patches; and (even more) physical safety).

Or maybe I missed something... :-)

-Arne
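The distinction raised in the quoted question, zeroing a page when it is handed out versus wiping it when it is released, shown as an added example that is not part of the original message and is not FreeBSD code. The pool, the policy names and the sample secret are hypothetical constructions for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE 64   /* constructed tiny "page"; every name here is hypothetical */
#define NPAGES 4
enum policy { ZERO_ON_ALLOC, ZERO_ON_RELEASE };
struct pool { unsigned char mem[NPAGES * PAGE_SIZE]; int used[NPAGES]; enum policy policy; };

/* Store through a volatile pointer so the compiler cannot elide the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static unsigned char *page_alloc(struct pool *pl) {
    for (int i = 0; i < NPAGES; i++) {
        if (pl->used[i]) continue;
        pl->used[i] = 1;
        if (pl->policy == ZERO_ON_ALLOC) wipe(pl->mem + i * PAGE_SIZE, PAGE_SIZE);
        return pl->mem + i * PAGE_SIZE;
    }
    return NULL;
}

static void page_release(struct pool *pl, unsigned char *pg) {
    if (pl->policy == ZERO_ON_RELEASE) wipe(pg, PAGE_SIZE);
    pl->used[(pg - pl->mem) / PAGE_SIZE] = 0;
}

/* Free pages still holding old data: what a reader of raw memory would find. */
static int stale_free_pages(const struct pool *pl) {
    int stale = 0;
    for (int i = 0; i < NPAGES; i++)
        for (int j = 0; !pl->used[i] && j < PAGE_SIZE; j++)
            if (pl->mem[i * PAGE_SIZE + j]) { stale++; break; }
    return stale;
}

/* One alloc/write/release cycle; returns the number of stale free pages left. */
int run_scenario(enum policy policy) {
    struct pool pl;
    memset(&pl, 0, sizeof pl);
    pl.policy = policy;
    unsigned char *pg = page_alloc(&pl);
    memcpy(pg, "constructed-secret", 18);   /* constructed sample data */
    page_release(&pl, pg);
    return stale_free_pages(&pl);
}
int main(void) {
    printf("stale free pages: zero-on-alloc=%d zero-on-release=%d\n",
           run_scenario(ZERO_ON_ALLOC), run_scenario(ZERO_ON_RELEASE));
    return 0;
}
```

Under either policy the next owner of a page receives it zeroed; the difference is visible only to something that can read the free pool directly, which is the root or physical access case the reply discusses.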